Doing a test using the password policy did get me some of the way.
I performed a test, to see how the expiration warning looked like, setting a password policy for expire 30 and warn 30, so that the password would live 30 days, and i would start receiving the warning immediately.
Result was that i immediately received a warning - true. But the word of the warning is:
"your password has expired"
followed by 2 fields to enter a new password.
... no option to skip this for another time
so now, even tho expire timer was set to 30 days ahead, the warn timer seemed to force the user to a password reset before connecting.
I've set the warn-timer to 29 days now, and tomorrow i'll see if this simply is a bug when both timers are identical.
Warning should be a heads up to the user, that you now have xx days left to reset your password, in my humble opinion.
(i should mention, i'm running a 100F at Firmware 6.4.0 build 6025 (GA))
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.